AccessControl: Compute metadata from context permissions (#45578)

* AccessControl: Compute metadata from context permissions

* Remove nil

Co-authored-by: Jguer <joao.guerreiro@grafana.com>

* Check user permissions are set

Co-authored-by: Jguer <joao.guerreiro@grafana.com>
Gabriel MABILLE
2022-02-18 11:27:00 +01:00
committed by GitHub
parent a5fd35691b
commit 14bee49f9a
10 changed files with 213 additions and 281 deletions


@@ -3,14 +3,12 @@ package api
import (
"context"
"errors"
"fmt"
"net/http"
"strconv"
"github.com/grafana/grafana/pkg/api/dtos"
"github.com/grafana/grafana/pkg/api/response"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
"github.com/grafana/grafana/pkg/web"
@@ -48,33 +46,12 @@ func (hs *HTTPServer) getUserUserProfile(c *models.ReqContext, userID int64) res
query.Result.IsExternal = true
}
accessControlMetadata, errAC := hs.getGlobalUserAccessControlMetadata(c, userID)
if errAC != nil {
hs.log.Error("Failed to get access control metadata", "error", errAC)
}
query.Result.AccessControl = accessControlMetadata
query.Result.AccessControl = hs.getAccessControlMetadata(c, "global:users", userID)
query.Result.AvatarUrl = dtos.GetGravatarUrl(query.Result.Email)
return response.JSON(200, query.Result)
}
func (hs *HTTPServer) getGlobalUserAccessControlMetadata(c *models.ReqContext, userID int64) (accesscontrol.Metadata, error) {
if hs.AccessControl == nil || hs.AccessControl.IsDisabled() || !c.QueryBool("accesscontrol") {
return nil, nil
}
userPermissions, err := hs.AccessControl.GetUserPermissions(c.Req.Context(), c.SignedInUser, accesscontrol.Options{ReloadCache: false})
if err != nil || len(userPermissions) == 0 {
return nil, err
}
key := fmt.Sprintf("%d", userID)
userIDs := map[string]bool{key: true}
return accesscontrol.GetResourcesMetadata(c.Req.Context(), userPermissions, "global:users", userIDs)[key], nil
}
// GET /api/users/lookup
func (hs *HTTPServer) GetUserByLoginOrEmail(c *models.ReqContext) response.Response {
query := models.GetUserByLoginQuery{LoginOrEmail: c.Query("loginOrEmail")}
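Review bot: The new call `query.Result.AccessControl = hs.getAccessControlMetadata(c, "global:users", userID)` in getUserUserProfile no longer shows an error path, nor the `hs.AccessControl.IsDisabled()` / `c.QueryBool("accesscontrol")` gate that the removed getGlobalUserAccessControlMetadata carried. The helper it relies on is defined outside this hunk, so neither can be confirmed from here. Going by the commit title, the helper presumably reads permissions already attached to the request context instead of calling GetUserPermissions, which makes the result depend on those permissions having been loaded before this handler runs. Its doc comment should state that precondition and say what is returned when the permissions are absent or access control is disabled. If it matches the intent, a call-site comment such as `// Metadata is a display hint derived from the caller's context permissions, not an authorization decision.` would keep later readers from treating the field as an enforcement point.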